This time, Google is patching seven high-risk and five medium-risk vulnerabilities and one low-risk vulnerability in Chrome, and releasing a new version of the Flash Player plug-in with a fix for a zero-day vulnerability just patched by Adobe.
The high-risk flaws include integer overflows in PDF codecs, possible use-after-free in database handling, heap overflow in path rendering, heap buffer overflow in MKV handling, user-after-free in subframe loading, integer overflow/truncation in libpng, and bad cast in column handling.
Google handed out $6,837 in bug bounties to researchers who helped with uncovering and patching the Chrome flaws. Six flaws were identified using the open-source tool AddressSanitizer, Google said.
The update marks the release of version 17.0.963.56 a week after version 17 was released. Chrome 17 included a new security feature to check for malicious downloads.
“In addition to checking a list of known bad files, Chrome also does checks on executable files (like ‘.exe’ and ‘.msi’ files). If the executable doesn't match a whitelist, Chrome checks with Google for more information, such as whether the website you're accessing hosts a high number of malicious downloads”, explained Noe Lutz, software engineer with Google.